
ForensiQ: A Knowledge Graph Question Answering System for IoT Forensics

Conference paper, published in Digital Forensics and Cyber Crime (ICDF2C 2023)

Abstract

The increasing number of attacks against the Internet of Things (IoT) has made IoT forensics critically important for reporting and mitigating cyber incidents and crimes. However, the heterogeneity of IoT environments and the complexity and volume of IoT data present significant challenges to forensic practitioners. The advent of question answering (QA) systems and large language models (LLMs) offers a potential way to access sophisticated IoT forensic knowledge and data. In light of this, we propose ForensiQ, a framework based on knowledge graph question answering (KGQA), to help investigators navigate complex IoT forensic artifacts and cybersecurity knowledge. Our framework integrates knowledge graphs (KGs) into the IoT forensic workflow to better organize and analyze forensic artifacts. We have also developed a novel KGQA model that serves as a natural-language user interface to the IoT forensic KG. Our evaluation results show that, compared to existing KGQA models, ForensiQ achieves higher accuracy in answering natural-language questions when applied to our experimental IoT forensic KG.

This work was supported in part by the National Science Foundation (award no. 1663105) and National Security Agency (award no. H98230-20-1-0408).




Author information

Corresponding author: Mengjun Xie.


Copyright information

© 2024 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering


Cite this paper

Zhang, R., Xie, M. (2024). ForensiQ: A Knowledge Graph Question Answering System for IoT Forensics. In: Goel, S., Nunes de Souza, P.R. (eds) Digital Forensics and Cyber Crime. ICDF2C 2023. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 571. Springer, Cham. https://doi.org/10.1007/978-3-031-56583-0_20


  • DOI: https://doi.org/10.1007/978-3-031-56583-0_20

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-56582-3

  • Online ISBN: 978-3-031-56583-0
